Local Admin Password Solution has come a long way and the March 2025 Update (Service release 2503) had some good enhancements for the solution. Randomizing the LAPS username is one of them. Rather than enabling the local Administrator account or creating a special admin account for LAPS, having an auto randomizing username sounds confusing to … Continue reading Configure Windows LAPS in Intune – March 2025 Update
Author: Shehan Perera
I’m a self driven and passionate individual about Windows Server management, Cloud strategies, Azure, Microsoft 365, Exchange Server, Microsoft Teamwork, Microsoft Infrastructure technologies, ITIL standards, end user support and a passion for troubleshooting.
I strongly believe my skills in different layers in IT Infrastructure during the last 10 years has immensely helped me to become the person I am today and I embrace it and loving every second of it.
Let’s Get Started with Security Copilot
Why Security Copilot? Copilot is everywhere these days. I often make this joke, Is there a Copilot for Copilot? Maybe a dull joke. But jokes aside, Copilot continues proving that this is the way forward for everything Microsoft. AI technology is inevitable, and using it in the responsible way is the right thing to do. … Continue reading Let’s Get Started with Security Copilot
QR Code Authentication for Front Line Workers – Setting Security Controls From the Get Go!
In today's threat landscape, the adversaries are trying to get into organizations in any way they can. New authentication methods are being introduced, and a combination of those methods or auth strengths are too. If you check the demographic of the QR code authentication as advised by Microsoft (which is in Public Preview as of … Continue reading QR Code Authentication for Front Line Workers – Setting Security Controls From the Get Go!
Making Identity and Access Management More Resilient with Microsoft Entra ID
As organizations are moving the Identity Infrastructure from on-prem to cloud, it is important to understand "what could go wrong" and how to be resilient so the identity-related activities will continue to work with minimum or less downtime. The identity strategy should have some key components when it comes to resilience and identify and document … Continue reading Making Identity and Access Management More Resilient with Microsoft Entra ID
How to Change Intune Security Baseline Policy to Version 24H2?
Intune Security Baseline for Windows 10 and later Version 24H2 is finally here. This is a quick look at the policy and useful details on migration to the new policy. What you will see in the Security Baselines nowWhat's Available in Version 24H2Migrating from 23H2 BaselineTest Before Applying!Useful Links What you will see in the … Continue reading How to Change Intune Security Baseline Policy to Version 24H2?
🎙Out of Band: Microsoft Security Podcast. EP02: Intune it
In this episode, we discuss:- The transformation of SC-400 to SC-401,- An amazing resource on the DSPM for AI journey,- The new version of IntuneMaps (Version 3),- A new web-series to assist in your Intune cloud migration journey,- and... a special guest announcement for Episode 3. https://www.youtube.com/watch?v=6FvzfEOSHaE&feature=youtu.be Tune in and let us know what you … Continue reading 🎙Out of Band: Microsoft Security Podcast. EP02: Intune it
🎙Out of Band: Microsoft Security Podcast. EP01: Boots on Ground
Excited to bring the Out of Band: A Microsoft Security Podcast EP01 - Boots on Ground.In this episode, we discuss:- The Microsoft Summer Bootcamp highlights and the overall experience,- Microsoft Secure Future Initiative and what it means to Windows and the overall ecosystem, and- We navigate a password hash synchronization challenge and how to resolve … Continue reading 🎙Out of Band: Microsoft Security Podcast. EP01: Boots on Ground
Identity Nugget – Bringing On-Prem AD Password Expiry and Force Reset to Entra ID Synced Accounts
This is 2025 and going Passwordless or using long-lived (365 days) passwords is the recommendation. However, this has been a question for most customers wherever I go. But if you ask, everyone is using their own way to work around this. One popular method is notifying users of the password expiry like a set of … Continue reading Identity Nugget – Bringing On-Prem AD Password Expiry and Force Reset to Entra ID Synced Accounts
🎙High time for a Podcast – Out of Band
The name was coined as a little play to the Windows patch updates - "Out of Band Updates". We are 3 tech professionals talking about all things Microsoft Security and everything in between in the podcast sessions. This idea was bubbling away for a couple of months and finally, we were able to sit down … Continue reading 🎙High time for a Podcast – Out of Band
How to Configure Entra Identity Governance Features with Private Access for Jump Hosts
TL;DR: Jump Hosts - We login to Jump Hosts to then login to the servers and other apps we need to access mainly to perform admin tasks. Jump Hosts are often secured on the Network Layer and other Windows Permissions which will come into play when the admin logs in. But what can be done … Continue reading How to Configure Entra Identity Governance Features with Private Access for Jump Hosts
My 2024 LinkedIn Rewind and Thank you!
https://coauthor.studio/rewind was awesome as it just collates all the LinkedIn activities. And as 2024 is coming to an end, it is always to look back what you have accomplished and what impact you have had on the community. Looking forward to 2025! I would like to thank everyone who is reading my blogs and getting … Continue reading My 2024 LinkedIn Rewind and Thank you!
The 3 Stages of CA Policy Maturity – Lessons from the Field
Not too long ago I spoke in the Adelaide Microsoft IT Pro User Group regarding Conditional Access Policies (CA policies) we all know and love. It was not a 100% technical how-to discussion as chances are you are already using this in your environment. If I break down my presentation into 3 main parts, it … Continue reading The 3 Stages of CA Policy Maturity – Lessons from the Field
Inspecting Microsoft Defender Attack Surface Reduction Rules
What I will be covering in this article 👇🏽 Not a How, but more of a WhyProactive Prevention Vs. Reactive DetectionThe Ever-Expanding Attack SurfaceWhy Does Attack Surface Management Matter? - Painting the Picture With An ExampleA Good Rollout RoadmapPolicy Exceptions - Experience From the FieldPlanning the DeploymentLet's Categorize the RulesUnderstanding the ASR Rule ModesIf You … Continue reading Inspecting Microsoft Defender Attack Surface Reduction Rules
▶️Video – New Intune Device Preperation. A Step by Step Guide
This is the 1st step by step guide on my YouTube Channel. I wanted to dedicate this to the new Intune Device Preparation process. AKA Autopilot V2. I've added a couple of useful links in the description. I hope you'll like this video. Subscribe to my channel for the latest content! Thank you :) https://www.youtube.com/watch?v=5JxF9gneqw4
I May Have Finally Launched my YouTube Channel
This is something I wanted to do from a long time and I guess finally I did it. Launching my own YouTube channel. I gave a lot of thought to planning the goal of this channel and what content I want to bring in and I'm so excited to share my knowledge in this form … Continue reading I May Have Finally Launched my YouTube Channel
Mandatory MFA Enforcements! Including Service Accounts and Break Glass Accounts. Now What?
Mark the calendars and make the necessary reminders - 15 Oct 2024 as this will be the day that this enforcement will come into play. This is a good initiative as it will apply the extra layer of protection to the set of applications below. As you can see most of the applications listed below … Continue reading Mandatory MFA Enforcements! Including Service Accounts and Break Glass Accounts. Now What?
Browser Security With Microsoft Intune – Set Google Workspace Domain Restrictions
It is possible that the organizations are in multi-cloud environments. Having a Google Workspace is nothing new. However, if you want to make sure your users are only login to a given list of domains and not to other Domains, a policy setting is imminent. Usage: This policy works in both Microsoft Edge and Google … Continue reading Browser Security With Microsoft Intune – Set Google Workspace Domain Restrictions
Browser Security With Microsoft Intune – How to Block Browser Extensions?
This is blog post 1 of the Browser Security With Microsoft Intune series. I wanted to dedicate this article to browser extensions. This is something we all know dearly, but can pose issues in a working environment if it's not managed properly. The IssuePast Browser Extension-Related IncidentsCreate the PolicyMicrosoft EdgeGoogle ChromeMozilla FirefoxKey Settings to Consider … Continue reading Browser Security With Microsoft Intune – How to Block Browser Extensions?
Browser Security With Microsoft Intune
This is a new set of blog articles I want to introduce. It's no wonder that the browser has become one of the main components in the device and what browser you use, security is an integral part of it. Microsoft Intune supports browser security and goes into the deep levels of helping the admins … Continue reading Browser Security With Microsoft Intune
Identity Centric Zero-Trust Network Access (ZTNA) and Entra Private Access 🌐
I've been doing a lot of research into Microsoft's new Global Secure Access recently as most of the features have gone on General Availability. Entra Private Access caught my eye. However, before discussing the feature, it is wise to discuss about the underlying technology that Entra Private Access uses and then jump on to it. … Continue reading Identity Centric Zero-Trust Network Access (ZTNA) and Entra Private Access 🌐
EMS Route 